ID

VAR-200902-0472


CVE

CVE-2009-0137


TITLE

Safari RSS vulnerability allowing arbitrary JavaScript to be executed

Trust: 0.8

sources: JVNDB: JVNDB-2009-001081

DESCRIPTION

Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." Safari RSS contains a vulnerability in which JavaScript is executed in the local security zone through a feed: URL. A remote attacker may be able to execute arbitrary JavaScript. Apple Safari is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious website. Successfully exploiting these issues will allow the attacker to execute arbitrary JavaScript code in the local security zone. This may allow the attacker to obtain sensitive information that can aid in further attacks; other consequences may also occur. These issues affect versions prior to Safari 3.2.2 for Windows. NOTE: This BID was previously titled 'Apple Safari RSS Feed Information Disclosure Vulnerability', but has been updated to reflect new information. Mac OS X is the operating system used by the Apple family of machines.

Trust: 1.98

sources: NVD: CVE-2009-0137 // JVNDB: JVNDB-2009-001081 // BID: 33234 // VULHUB: VHN-37583

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: *

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: v10.4.11

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.5.6

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.4.11

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.5.6

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 3.2.2

Trust: 0.8

vendor: apple, model: safari, scope: -, version: -

Trust: 0.6

vendor: apple, model: safari for windows, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.4

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.11

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.10

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.9

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.8

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.11

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.10

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.9

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.7

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5

Trust: 0.3

vendor: apple, model: safari for windows, scope: ne, version: 3.2.2

Trust: 0.3

sources: BID: 33234 // JVNDB: JVNDB-2009-001081 // CNNVD: CNNVD-200902-314 // NVD: CVE-2009-0137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0137
value: HIGH

Trust: 1.0

NVD: CVE-2009-0137
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200902-314
value: CRITICAL

Trust: 0.6

VULHUB: VHN-37583
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-0137
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-37583
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-37583 // JVNDB: JVNDB-2009-001081 // CNNVD: CNNVD-200902-314 // NVD: CVE-2009-0137

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-37583 // JVNDB: JVNDB-2009-001081 // NVD: CVE-2009-0137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200902-314

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200902-314

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001081

PATCH

title: HT3438, url: http://support.apple.com/kb/HT3438

Trust: 0.8

title: HT3439, url: http://support.apple.com/kb/HT3439

Trust: 0.8

title: HT3439, url: http://support.apple.com/kb/HT3439?viewlocale=ja_JP

Trust: 0.8

title: HT3438, url: http://support.apple.com/kb/HT3438?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2009-001081

EXTERNAL IDS

db: NVD, id: CVE-2009-0137

Trust: 2.8

db: JVNDB, id: JVNDB-2009-001081

Trust: 0.8

db: APPLE, id: APPLE-SA-2009-02-12

Trust: 0.6

db: CNNVD, id: CNNVD-200902-314

Trust: 0.6

db: BID, id: 33234

Trust: 0.3

db: VULHUB, id: VHN-37583

Trust: 0.1

sources: VULHUB: VHN-37583 // BID: 33234 // JVNDB: JVNDB-2009-001081 // CNNVD: CNNVD-200902-314 // NVD: CVE-2009-0137

REFERENCES

url:http://support.apple.com/kb/ht3438

Trust: 2.0

url:http://lists.apple.com/archives/security-announce/2009/feb/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2009/feb/msg00001.html

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0137

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0137

Trust: 0.8

url:http://brian.mastenbrook.net/display/27

Trust: 0.3

url:http://www.apple.com/safari/

Trust: 0.3

sources: VULHUB: VHN-37583 // BID: 33234 // JVNDB: JVNDB-2009-001081 // CNNVD: CNNVD-200902-314 // NVD: CVE-2009-0137

CREDITS

Graham Perrin, Clint Ruoho, Billy Rios

Trust: 0.6

sources: CNNVD: CNNVD-200902-314

SOURCES

db: VULHUB, id: VHN-37583
db: BID, id: 33234
db: JVNDB, id: JVNDB-2009-001081
db: CNNVD, id: CNNVD-200902-314
db: NVD, id: CVE-2009-0137

LAST UPDATE DATE

2025-04-10T22:20:11.581000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-37583, date: 2009-08-19T00:00:00
db: BID, id: 33234, date: 2016-07-06T14:18:00
db: JVNDB, id: JVNDB-2009-001081, date: 2009-03-18T00:00:00
db: CNNVD, id: CNNVD-200902-314, date: 2009-02-13T00:00:00
db: NVD, id: CVE-2009-0137, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-37583, date: 2009-02-13T00:00:00
db: BID, id: 33234, date: 2009-01-11T00:00:00
db: JVNDB, id: JVNDB-2009-001081, date: 2009-03-18T00:00:00
db: CNNVD, id: CNNVD-200902-314, date: 2009-02-13T00:00:00
db: NVD, id: CVE-2009-0137, date: 2009-02-13T00:30:05